-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
5.0, 4.5.6
-
MOODLE_405_STABLE, MOODLE_500_STABLE
-
MDL-85736-405
-
MDL-85736-500
-
- Download MDL-85736.php
and place in your Moodle webroot - Log in as admin (testing on Firefox)
- Navigate to <WWWROOT>/MDL-85736.php in your browser
- Confirm every 5 seconds the page reloads using the following URL:
/MDL-85736.php?foo=bar&counter=<COUNTER> - Confirm the reloaded URL is correctly formed and doesn't double encode the ampersand, and the &counter= value is incremented on each reload
Download MDL-85736.php and place in your Moodle webroot Log in as admin (testing on Firefox) Navigate to <WWWROOT>/ MDL-85736 .php in your browser Confirm every 5 seconds the page reloads using the following URL: /MDL-85736.php?foo=bar&counter=<COUNTER> Confirm the reloaded URL is correctly formed and doesn't double encode the ampersand, and the &counter= value is incremented on each reload - Download MDL-85736.php
-
Code verified against automated checks. 
Checked MDL-85736 using repository: https://github.com/paulholden/moodle.git
MOODLE_405_STABLE (0 errors / 0 warnings) [branch: MDL-85736-405 | CI Job]- MOODLE_500_STABLE (0 errors / 0 warnings) [branch: MDL-85736-500 | CI Job]
- main (0 errors / 0 warnings) [branch: MDL-85736 | CI Job]
More information about this report
Built on: Wed Jun 11 18:28:29 UTC 2025
Code verified against automated checks. Checked MDL-85736 using repository: https://github.com/paulholden/moodle.git MOODLE_405_STABLE (0 errors / 0 warnings) [branch: MDL-85736-405 | CI Job ] MOODLE_500_STABLE (0 errors / 0 warnings) [branch: MDL-85736-500 | CI Job ] main (0 errors / 0 warnings) [branch: MDL-85736 | CI Job ] More information about this report Built on: Wed Jun 11 18:28:29 UTC 2025
on around line 214 of {{lib/classes/output/core_renderer.php }}the http meta-refresh tag is generated with the code below:
if ($this->metarefreshtag == '' && $this->page->periodicrefreshdelay !== null) {
$hook->add_html(
html_writer::empty_tag('meta', [
'http-equiv' => 'refresh',
'content' => $this->page->periodicrefreshdelay . ';url=' . $this->page->url->out(),
]),
);
{{ }}}
The URL component of the tag (in RED above) returns the ESCAPED version of the URL, however, the empty_tag function in which it is wrapped escapes the address a SECOND TIME. Specifically, empty_tag calls the self::attributes which calls self::attribute which calls s($value).
To correct this bug, the part of the line in RED above should be changed to:
$this->page->url->out(false)
which will defer the encoding until the s() function